Skip to content

API keys

API keys let your own tools read your Lead Source data — pulling leads into a spreadsheet, a CRM sync you’ve built, anything that can make a web request. Available on every plan.

  1. Settings → API keys → Create API key.
  2. Name it after what will use it (e.g. CRM sync) — future-you needs to know which key is safe to revoke.
  3. Optionally set an expiry date; blank means no expiry.
  4. Select Create key, and copy it immediately — “Your new API key, copy it now. It won’t be shown again.” means exactly that. Store it somewhere secure; treat it like a password.

Keys start ls_. Accounts can hold up to 10 active keys — one per tool is the healthy pattern, so revoking one thing never breaks another.

The page’s “Using your key” section shows the live examples: send the key as a Bearer token (or an x-api-key header) to the API, e.g. reading your leads from app.leadsource.co/api/v1/leads. Copy the curl example from the page — it’s always current.

Each key shows Usage this hour against the 1,000-requests-per-hour limit, so you can spot a runaway integration at a glance.

The revoke confirmation is blunt on purpose: the key stops working immediately, anything using it starts getting 401 errors, and it can’t be undone. If a key may have leaked, revoke first and reconnect your tool with a fresh one after — a minute of downtime beats an exposed key.

  • Lost the key value? It can’t be re-shown. Create a new key, update your tool, revoke the old one.
  • Getting 401 errors? The key was revoked or expired — check the list and issue a fresh one.
  • Hitting the hourly limit? Something is polling harder than it needs to; most tools are fine checking every few minutes.